Total
34412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15732 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. | |||||
| CVE-2019-15726 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. | |||||
| CVE-2019-15719 | 1 Altair | 1 Pbs Professional | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
| Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user. | |||||
| CVE-2019-15718 | 3 Fedoraproject, Redhat, Systemd Project | 14 Fedora, Enterprise Linux, Enterprise Linux Eus and 11 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | |||||
| CVE-2019-15712 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for. | |||||
| CVE-2019-15711 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. | |||||
| CVE-2019-15707 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for. | |||||
| CVE-2019-15698 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. | |||||
| CVE-2019-15687 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component was vulnerable to remote disclosure of various information about the user's system (like Windows version and version of the product, host unique ID). Information Disclosure. | |||||
| CVE-2019-15686 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass. | |||||
| CVE-2019-15685 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable such product's security features as private browsing and anti-banner. Bypass. | |||||
| CVE-2019-15684 | 2 Google, Kaspersky | 2 Chrome, Protection | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions. | |||||
| CVE-2019-15657 | 1 Eslint-utils Project | 1 Eslint-utils | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code. | |||||
| CVE-2019-15650 | 1 Easyupdatesmanager | 1 Easy Updates Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. | |||||
| CVE-2019-15631 | 1 Mulesoft | 2 Api Gateway, Mule Runtime | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. | |||||
| CVE-2019-15629 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device. | |||||
| CVE-2019-15625 | 1 Trendmicro | 1 Password Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information. | |||||
| CVE-2019-15623 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports Sle, Package Hub | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. | |||||
| CVE-2019-15617 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login. | |||||
| CVE-2019-15595 | 1 Ui | 1 Unifi Video Controller | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands. | |||||